Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 6 replies
  • Subscribers 1 subscriber
  • Views 4180 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Untrusted / Self Signed certificates

emerson8
Saw a thread describing the same issue;

User cannot (easily) connect to a site with a self-signed certificate.
More or less the same "add exception" comes up as it does when surfing directly to the site, but with the difference that you can ONLY add this exception if you login with the user/pass to the Astaro-box with admin-rights.


This is in one way a "neat" feature to be able to add exceptions on the fly as "admin", but it's not a solution for the users.


This thread was automatically locked due to age.
Parents Reply Children
  • 0 in reply to Coder68
    Coder68, you misread his post; the problem is that unless the Astaro has a root or intermediate certificate installed in the proxy config that trusts the self-signed cert-equipped sites that a user may access, the proxy denies the connection (and rightfully so).  I think a good workaround for the issue would be for Astaro to allow admins to assign user groups the rights to be able to tell the Astaro to "trust" these sites; currently the feature is only configurable by users with full admin rights to the Astaro unit.  I suggest that the OP go to feature.astaro.com and post their suggestion there so that Astaro developers can take a look at it.

    Another workaround, if all the self signed sites have common root(s), is to import the root cert for the CA used to create the self signed certificates into the Astaro itself via the HTTP/S proxy settings in Webadmin.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.